[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenSSL + Kerberos + Cyrus-SASL + OpenLDAP


This may be the wrong place to ask this--if so, please accept my
apologies.  (I've also asked it on an OpenSSL mailing list.)

First, some background.

I'm new to OpenSSL, Kerberos, Cyrus-SASL and OpenLDAP--other than
having used OpenSSL with OpenSSH and, more recently, Apache.  So please
bear with me.

My plan is the evaluate whether I can replace the rather disjointed
authentication and directory mechanisms we have in place at work (NIS+,
separate Samba passwd file, maybe even address books) with LDAP.  A
second goal is to better-serve the Win2k and WinXP machines, if
possible.  We also have (RedHat) Linux servers in the smaller offices.
It would be nice to be able to admin their accounts from the main
facility and use LDAP replication to those.  Then there are the laptop
users that roam between the facilities.  Not-to-mention the users that
require access to file services at multiple locations--currently
necessitating manually "cloning" user accounts (yech).  The primary
server will be Sun Sparc Solaris 8, btw.

To that end: I plan to build, install, learn and experiment with the
four packages noted.  I plan to start by studying/learning the entirety
of "LDAP System Administration", by Gerald Carter (O'Reilly).

Now for the current burning question I have.

In order to do what I'm trying to do, *is* it necessary to build
OpenSSL *itself* with Kerberos support?

I mainly ask this question because, due to manual intervention I've had
to do to get OpenSSL to build with Kerberos support, I'd just as soon
not build OpenSSL with Kerberos support if I don't really need it.

Jim Seymour                  | PGP Public Key available at:
jseymour@LinxNet.com         | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |